首页 在线课程 大数据技术与应用 6.配置免密码登录

# 配置免密码登录

SSH (Secure Shell) 是建立在 TCP/IP 协议的应用层和传输层基础上的安全协议。SSH 保障了远程登录和网络传输服务的安全性,起到了防止信息泄露等作用。通过 SSH 可以对文件进行加密处理,SSH 也可以运行于多平台,配置 SSH 无密码登录的步骤如下。

# 配置 SSH 无密码登录

  • (1)使用 ssh-keygen 产生公钥与私钥对,输入命令 “ssh-keygen -t rsa”,接着按三次 Enter 键。
    使用ssh-keygen产生公钥与私钥对
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    [root@master ~]# ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): 
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    20:dc:3e:20:db:26:64:a9:7f:aa:9f:b5:80:aa:ae:d3 root@master
    The key's randomart image is:
    +--[ RSA 2048]----+
    |                 |
    |   o .           |
    |  = + o          |
    | + + + .         |
    |. o o o S        |
    | o o   .         |
    |..o o            |
    |o E* .           |
    |O=+ .            |
    +-----------------+

    生成私有密钥 id_rsa 和公有密钥 id_rsa.pub 两个文件。ssh-keygen 用来生成 RSA 类型的密钥以及管理该密钥,参数 “-t” 用于指定要创建的 SSH 密钥的类型为 RSA。
    (2)用 ssh-copy-id 将公钥复制到远程机器中
    用ssh-copy-id将公钥复制到远程机器中
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    [root@master ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub master
    The authenticity of host 'master (192.168.146.171)' can't be established.
    RSA key fingerprint is 55:83:9a:cb:34:60:b6:ce:0f:03:39:dd:e9:fc:99:c4.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'master,192.168.146.171' (RSA) to the list of known hosts.
    root@master's password: 
    Now try logging into the machine, with "ssh 'master'", and check in:

      .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

    [root@master ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub slave1
    The authenticity of host 'slave1 (192.168.146.172)' can't be established.
    RSA key fingerprint is 55:83:9a:cb:34:60:b6:ce:0f:03:39:dd:e9:fc:99:c4.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'slave1,192.168.146.172' (RSA) to the list of known hosts.
    root@slave1's password: 
    Now try logging into the machine, with "ssh 'slave1'", and check in:

      .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

    [root@master ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub slave2
    The authenticity of host 'slave2 (192.168.146.173)' can't be established.
    RSA key fingerprint is 55:83:9a:cb:34:60:b6:ce:0f:03:39:dd:e9:fc:99:c4.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'slave2,192.168.146.173' (RSA) to the list of known hosts.
    root@slave2's password: 
    Now try logging into the machine, with "ssh 'slave2'", and check in:

      .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

    [root@master ~]#

    (3)验证是否设置无密码登录,在 master 虚拟机上进行测试
    验证是否设置无密码登录
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    [root@master ~]# ssh slave1
    Last login: Mon Nov 23 00:58:04 2020 from 192.168.146.100
    [root@slave1 ~]# exit   # 已经免密码登录slave1中,主机名已经发生变化
    logout
    Connection to slave1 closed.
    [root@master ~]# ssh slave2
    Last login: Mon Nov 23 01:04:19 2020 from 192.168.146.100
    [root@slave2 ~]# exit
    logout
    Connection to slave2 closed.
    [root@master ~]#